34a90837f468ad148e0bf8ba5d8b6ccbc9913b5f738ddf22403f145d79b2a878

Analysis

max time kernel
150s
max time network
123s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
15/04/2024, 12:47

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

f1167f1220c3db301e4eca1a16fe4452_JaffaCakes118.exe
Size

184KB
MD5

f1167f1220c3db301e4eca1a16fe4452
SHA1

40e945312c1e1afea8ba05e188f16ef8282ff08d
SHA256

34a90837f468ad148e0bf8ba5d8b6ccbc9913b5f738ddf22403f145d79b2a878
SHA512

61a3d7505044fdc048a1fa80a2bca9d000b3cd9d45d47efd5365e0cb4b216bec8c4927d30174234cf70ef00d773aa77bd6b6f6458829a787c4fcc026baacc89e
SSDEEP

3072:xUl5ocb6PgFyEjFbElloztYeb06f3JIF5TxWH4l+7lP7pF2:xUXo34FysbUlozBe0j7lP7pF

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2268	Unicorn-33404.exe
2000	Unicorn-52921.exe
2632	Unicorn-16719.exe
2596	Unicorn-25615.exe
2356	Unicorn-54950.exe
2512	Unicorn-17447.exe
2344	Unicorn-61852.exe
2380	Unicorn-25266.exe
2084	Unicorn-16544.exe
584	Unicorn-53108.exe
1884	Unicorn-41602.exe
2236	Unicorn-60529.exe
1452	Unicorn-20841.exe
1972	Unicorn-53321.exe
1912	Unicorn-33455.exe
1440	Unicorn-46777.exe
2908	Unicorn-17250.exe
1952	Unicorn-46222.exe
1296	Unicorn-62921.exe
840	Unicorn-19663.exe
1068	Unicorn-32661.exe
2160	Unicorn-10.exe
1640	Unicorn-29751.exe
2972	Unicorn-46834.exe
664	Unicorn-38111.exe
2192	Unicorn-9138.exe
3000	Unicorn-22137.exe
2112	Unicorn-34197.exe
2816	Unicorn-33451.exe
2304	Unicorn-54063.exe
2280	Unicorn-24166.exe
2012	Unicorn-44032.exe
3024	Unicorn-55900.exe
1744	Unicorn-33102.exe
1736	Unicorn-16212.exe
2628	Unicorn-59312.exe
2488	Unicorn-61580.exe
1156	Unicorn-37630.exe
2400	Unicorn-61388.exe
1200	Unicorn-17232.exe
2320	Unicorn-43634.exe
1656	Unicorn-59416.exe
2000	Unicorn-27106.exe
2632	Unicorn-46972.exe
772	Unicorn-43250.exe
2216	Unicorn-50864.exe
2164	Unicorn-59032.exe
2044	Unicorn-46266.exe
2656	Unicorn-51715.exe
1576	Unicorn-51715.exe
2672	Unicorn-51139.exe
2124	Unicorn-55223.exe
2612	Unicorn-24257.exe
476	Unicorn-44123.exe
1880	Unicorn-55861.exe
2708	Unicorn-29000.exe
2812	Unicorn-3749.exe
2120	Unicorn-59665.exe
2912	Unicorn-41321.exe
2496	Unicorn-24793.exe
1764	Unicorn-49188.exe
2544	Unicorn-12239.exe
2428	Unicorn-13199.exe
1212	Unicorn-33236.exe

Loads dropped DLL 64 IoCs

pid	Process
2248	f1167f1220c3db301e4eca1a16fe4452_JaffaCakes118.exe
2248	f1167f1220c3db301e4eca1a16fe4452_JaffaCakes118.exe
2268	Unicorn-33404.exe
2268	Unicorn-33404.exe
2248	f1167f1220c3db301e4eca1a16fe4452_JaffaCakes118.exe
2248	f1167f1220c3db301e4eca1a16fe4452_JaffaCakes118.exe
2000	Unicorn-52921.exe
2000	Unicorn-52921.exe
2268	Unicorn-33404.exe
2268	Unicorn-33404.exe
2632	Unicorn-16719.exe
2632	Unicorn-16719.exe
2596	Unicorn-25615.exe
2000	Unicorn-52921.exe
2596	Unicorn-25615.exe
2000	Unicorn-52921.exe
2356	Unicorn-54950.exe
2356	Unicorn-54950.exe
2512	Unicorn-17447.exe
2512	Unicorn-17447.exe
2632	Unicorn-16719.exe
2632	Unicorn-16719.exe
2380	Unicorn-25266.exe
2380	Unicorn-25266.exe
584	Unicorn-53108.exe
584	Unicorn-53108.exe
2512	Unicorn-17447.exe
2344	Unicorn-61852.exe
2344	Unicorn-61852.exe
2512	Unicorn-17447.exe
2596	Unicorn-25615.exe
2596	Unicorn-25615.exe
2084	Unicorn-16544.exe
2084	Unicorn-16544.exe
1884	Unicorn-41602.exe
1884	Unicorn-41602.exe
2356	Unicorn-54950.exe
2356	Unicorn-54950.exe
2236	Unicorn-60529.exe
2236	Unicorn-60529.exe
2380	Unicorn-25266.exe
2380	Unicorn-25266.exe
1912	Unicorn-33455.exe
1912	Unicorn-33455.exe
2908	Unicorn-17250.exe
2908	Unicorn-17250.exe
1884	Unicorn-41602.exe
1884	Unicorn-41602.exe
1440	Unicorn-46777.exe
1440	Unicorn-46777.exe
1972	Unicorn-53321.exe
1972	Unicorn-53321.exe
2344	Unicorn-61852.exe
2344	Unicorn-61852.exe
1952	Unicorn-46222.exe
2084	Unicorn-16544.exe
1452	Unicorn-20841.exe
2084	Unicorn-16544.exe
1952	Unicorn-46222.exe
1452	Unicorn-20841.exe
584	Unicorn-53108.exe
584	Unicorn-53108.exe
1296	Unicorn-62921.exe
1296	Unicorn-62921.exe

Program crash 3 IoCs

pid	pid_target	Process	procid_target
2452	2160	WerFault.exe	49
2936	1776	WerFault.exe	100
1084	308	WerFault.exe	257

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
2248	f1167f1220c3db301e4eca1a16fe4452_JaffaCakes118.exe
2268	Unicorn-33404.exe
2000	Unicorn-52921.exe
2632	Unicorn-16719.exe
2596	Unicorn-25615.exe
2356	Unicorn-54950.exe
2512	Unicorn-17447.exe
2380	Unicorn-25266.exe
2344	Unicorn-61852.exe
584	Unicorn-53108.exe
1884	Unicorn-41602.exe
2084	Unicorn-16544.exe
2236	Unicorn-60529.exe
1912	Unicorn-33455.exe
1972	Unicorn-53321.exe
2908	Unicorn-17250.exe
1440	Unicorn-46777.exe
1452	Unicorn-20841.exe
1952	Unicorn-46222.exe
1296	Unicorn-62921.exe
840	Unicorn-19663.exe
1068	Unicorn-32661.exe
2160	Unicorn-10.exe
1640	Unicorn-29751.exe
2972	Unicorn-46834.exe
664	Unicorn-38111.exe
2192	Unicorn-9138.exe
2816	Unicorn-33451.exe
2112	Unicorn-34197.exe
2304	Unicorn-54063.exe
3000	Unicorn-22137.exe
2012	Unicorn-44032.exe
2280	Unicorn-24166.exe
3024	Unicorn-55900.exe
1744	Unicorn-33102.exe
1736	Unicorn-16212.exe
2628	Unicorn-59312.exe
1156	Unicorn-37630.exe
2488	Unicorn-61580.exe
2400	Unicorn-61388.exe
1200	Unicorn-17232.exe
2320	Unicorn-43634.exe
1656	Unicorn-59416.exe
2000	Unicorn-27106.exe
2632	Unicorn-46972.exe
772	Unicorn-43250.exe
2164	Unicorn-59032.exe
2216	Unicorn-50864.exe
2044	Unicorn-46266.exe
2656	Unicorn-51715.exe
1576	Unicorn-51715.exe
2672	Unicorn-51139.exe
2124	Unicorn-55223.exe
2612	Unicorn-24257.exe
476	Unicorn-44123.exe
1880	Unicorn-55861.exe
2708	Unicorn-29000.exe
2812	Unicorn-3749.exe
2120	Unicorn-59665.exe
2912	Unicorn-41321.exe
2496	Unicorn-24793.exe
1764	Unicorn-49188.exe
2544	Unicorn-12239.exe
2428	Unicorn-13199.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2248 wrote to memory of 2268	2248	f1167f1220c3db301e4eca1a16fe4452_JaffaCakes118.exe	28
PID 2248 wrote to memory of 2268	2248	f1167f1220c3db301e4eca1a16fe4452_JaffaCakes118.exe	28
PID 2248 wrote to memory of 2268	2248	f1167f1220c3db301e4eca1a16fe4452_JaffaCakes118.exe	28
PID 2248 wrote to memory of 2268	2248	f1167f1220c3db301e4eca1a16fe4452_JaffaCakes118.exe	28
PID 2268 wrote to memory of 2000	2268	Unicorn-33404.exe	29
PID 2268 wrote to memory of 2000	2268	Unicorn-33404.exe	29
PID 2268 wrote to memory of 2000	2268	Unicorn-33404.exe	29
PID 2268 wrote to memory of 2000	2268	Unicorn-33404.exe	29
PID 2248 wrote to memory of 2632	2248	f1167f1220c3db301e4eca1a16fe4452_JaffaCakes118.exe	30
PID 2248 wrote to memory of 2632	2248	f1167f1220c3db301e4eca1a16fe4452_JaffaCakes118.exe	30
PID 2248 wrote to memory of 2632	2248	f1167f1220c3db301e4eca1a16fe4452_JaffaCakes118.exe	30
PID 2248 wrote to memory of 2632	2248	f1167f1220c3db301e4eca1a16fe4452_JaffaCakes118.exe	30
PID 2000 wrote to memory of 2596	2000	Unicorn-52921.exe	31
PID 2000 wrote to memory of 2596	2000	Unicorn-52921.exe	31
PID 2000 wrote to memory of 2596	2000	Unicorn-52921.exe	31
PID 2000 wrote to memory of 2596	2000	Unicorn-52921.exe	31
PID 2268 wrote to memory of 2356	2268	Unicorn-33404.exe	32
PID 2268 wrote to memory of 2356	2268	Unicorn-33404.exe	32
PID 2268 wrote to memory of 2356	2268	Unicorn-33404.exe	32
PID 2268 wrote to memory of 2356	2268	Unicorn-33404.exe	32
PID 2632 wrote to memory of 2512	2632	Unicorn-16719.exe	33
PID 2632 wrote to memory of 2512	2632	Unicorn-16719.exe	33
PID 2632 wrote to memory of 2512	2632	Unicorn-16719.exe	33
PID 2632 wrote to memory of 2512	2632	Unicorn-16719.exe	33
PID 2596 wrote to memory of 2344	2596	Unicorn-25615.exe	34
PID 2596 wrote to memory of 2344	2596	Unicorn-25615.exe	34
PID 2596 wrote to memory of 2344	2596	Unicorn-25615.exe	34
PID 2596 wrote to memory of 2344	2596	Unicorn-25615.exe	34
PID 2000 wrote to memory of 2380	2000	Unicorn-52921.exe	35
PID 2000 wrote to memory of 2380	2000	Unicorn-52921.exe	35
PID 2000 wrote to memory of 2380	2000	Unicorn-52921.exe	35
PID 2000 wrote to memory of 2380	2000	Unicorn-52921.exe	35
PID 2356 wrote to memory of 2084	2356	Unicorn-54950.exe	36
PID 2356 wrote to memory of 2084	2356	Unicorn-54950.exe	36
PID 2356 wrote to memory of 2084	2356	Unicorn-54950.exe	36
PID 2356 wrote to memory of 2084	2356	Unicorn-54950.exe	36
PID 2512 wrote to memory of 584	2512	Unicorn-17447.exe	37
PID 2512 wrote to memory of 584	2512	Unicorn-17447.exe	37
PID 2512 wrote to memory of 584	2512	Unicorn-17447.exe	37
PID 2512 wrote to memory of 584	2512	Unicorn-17447.exe	37
PID 2632 wrote to memory of 1884	2632	Unicorn-16719.exe	38
PID 2632 wrote to memory of 1884	2632	Unicorn-16719.exe	38
PID 2632 wrote to memory of 1884	2632	Unicorn-16719.exe	38
PID 2632 wrote to memory of 1884	2632	Unicorn-16719.exe	38
PID 2380 wrote to memory of 2236	2380	Unicorn-25266.exe	39
PID 2380 wrote to memory of 2236	2380	Unicorn-25266.exe	39
PID 2380 wrote to memory of 2236	2380	Unicorn-25266.exe	39
PID 2380 wrote to memory of 2236	2380	Unicorn-25266.exe	39
PID 584 wrote to memory of 1452	584	Unicorn-53108.exe	40
PID 584 wrote to memory of 1452	584	Unicorn-53108.exe	40
PID 584 wrote to memory of 1452	584	Unicorn-53108.exe	40
PID 584 wrote to memory of 1452	584	Unicorn-53108.exe	40
PID 2344 wrote to memory of 1972	2344	Unicorn-61852.exe	42
PID 2344 wrote to memory of 1972	2344	Unicorn-61852.exe	42
PID 2344 wrote to memory of 1972	2344	Unicorn-61852.exe	42
PID 2344 wrote to memory of 1972	2344	Unicorn-61852.exe	42
PID 2512 wrote to memory of 1912	2512	Unicorn-17447.exe	41
PID 2512 wrote to memory of 1912	2512	Unicorn-17447.exe	41
PID 2512 wrote to memory of 1912	2512	Unicorn-17447.exe	41
PID 2512 wrote to memory of 1912	2512	Unicorn-17447.exe	41
PID 2596 wrote to memory of 1440	2596	Unicorn-25615.exe	43
PID 2596 wrote to memory of 1440	2596	Unicorn-25615.exe	43
PID 2596 wrote to memory of 1440	2596	Unicorn-25615.exe	43
PID 2596 wrote to memory of 1440	2596	Unicorn-25615.exe	43

C:\Users\Admin\AppData\Local\Temp\f1167f1220c3db301e4eca1a16fe4452_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\f1167f1220c3db301e4eca1a16fe4452_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2248
- C:\Users\Admin\AppData\Local\Temp\Unicorn-33404.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-33404.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2268
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-52921.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-52921.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2000
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25615.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25615.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2596
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61852.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61852.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:2344
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53321.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9138.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9138.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59416.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62784.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62784.exe
        9⤵
        
        PID:1316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22541.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22541.exe
        10⤵
        
        PID:2064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3023.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3023.exe
        11⤵
        
        PID:2500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7621.exe
        12⤵
        
        PID:2708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55416.exe
        13⤵
        
        PID:2420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57658.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57658.exe
        14⤵
        
        PID:2304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19789.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19789.exe
        15⤵
        
        PID:2856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16525.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16525.exe
        16⤵
        
        PID:800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60012.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60012.exe
        17⤵
        
        PID:632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19992.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19992.exe
        18⤵
        
        PID:1956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42436.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42436.exe
        19⤵
        
        PID:1680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29494.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29494.exe
        20⤵
        
        PID:2444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2353.exe
        21⤵
        
        PID:2464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20620.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20620.exe
        11⤵
        
        PID:2256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40180.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40180.exe
        12⤵
        
        PID:2572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22085.exe
        13⤵
        
        PID:2300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32168.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32168.exe
        14⤵
        
        PID:1572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44485.exe
        15⤵
        
        PID:1520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27542.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27542.exe
        16⤵
        
        PID:2504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34994.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34994.exe
        17⤵
        
        PID:2672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36027.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36027.exe
        18⤵
        
        PID:1152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45669.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45669.exe
        19⤵
        
        PID:1308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46489.exe
        20⤵
        
        PID:2436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14605.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14605.exe
        21⤵
        
        PID:2404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14511.exe
        18⤵
        
        PID:2240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17024.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17024.exe
        19⤵
        
        PID:2188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27106.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27106.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33236.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33236.exe
        8⤵
        Executes dropped EXE
        
        PID:1212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65000.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65000.exe
        9⤵
        
        PID:2376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33610.exe
        10⤵
        
        PID:676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24150.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24150.exe
        11⤵
        
        PID:1736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57751.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57751.exe
        12⤵
        
        PID:1212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2489.exe
        13⤵
        
        PID:2884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36701.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36701.exe
        14⤵
        
        PID:1136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3058.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3058.exe
        15⤵
        
        PID:308
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 308 -s 200
        16⤵
        Program crash
        
        PID:1084
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22137.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22137.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59032.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59032.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50532.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50532.exe
        8⤵
        
        PID:1724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5706.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5706.exe
        9⤵
        
        PID:1924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1565.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1565.exe
        10⤵
        
        PID:2456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12032.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12032.exe
        11⤵
        
        PID:2016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45956.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45956.exe
        12⤵
        
        PID:1832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43219.exe
        13⤵
        
        PID:2604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38777.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38777.exe
        14⤵
        
        PID:1884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55212.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55212.exe
        15⤵
        
        PID:1556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38077.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38077.exe
        16⤵
        
        PID:836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64797.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64797.exe
        17⤵
        
        PID:1676
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46777.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46777.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1440
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38111.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50864.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50864.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12239.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50008.exe
        9⤵
        
        PID:2056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31955.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31955.exe
        10⤵
        
        PID:952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10193.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10193.exe
        11⤵
        
        PID:2904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13753.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13753.exe
        12⤵
        
        PID:1640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16655.exe
        13⤵
        
        PID:3012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27698.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27698.exe
        14⤵
        
        PID:1972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37200.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37200.exe
        15⤵
        
        PID:2200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6053.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6053.exe
        16⤵
        
        PID:2104
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46266.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24793.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24793.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55981.exe
        8⤵
        
        PID:2308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15000.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15000.exe
        9⤵
        
        PID:2444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62909.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62909.exe
        10⤵
        
        PID:2624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-548.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-548.exe
        11⤵
        
        PID:1096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55966.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55966.exe
        12⤵
        
        PID:1464
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25266.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25266.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2380
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60529.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60529.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2236
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19663.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55900.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59665.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59665.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42961.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42961.exe
        9⤵
        
        PID:872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40548.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40548.exe
        10⤵
        
        PID:1128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12634.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12634.exe
        11⤵
        
        PID:2720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48566.exe
        12⤵
        
        PID:1020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21647.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21647.exe
        13⤵
        
        PID:692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63857.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63857.exe
        14⤵
        
        PID:1952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40303.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40303.exe
        15⤵
        
        PID:1660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54221.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54221.exe
        16⤵
        
        PID:1644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46489.exe
        17⤵
        
        PID:1640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28202.exe
        18⤵
        
        PID:2488
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33102.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51715.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51715.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13199.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13199.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17959.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17959.exe
        9⤵
        
        PID:596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44248.exe
        10⤵
        
        PID:1436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48815.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48815.exe
        11⤵
        
        PID:2876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54072.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54072.exe
        12⤵
        
        PID:2284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29070.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29070.exe
        13⤵
        
        PID:976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60354.exe
        14⤵
        
        PID:772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40728.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40728.exe
        15⤵
        
        PID:1648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22955.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22955.exe
        16⤵
        
        PID:2032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36219.exe
        17⤵
        
        PID:2312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31419.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31419.exe
        18⤵
        
        PID:2752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26775.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26775.exe
        19⤵
        
        PID:1656
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32661.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32661.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1068
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16212.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16212.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3749.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3749.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59297.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59297.exe
        8⤵
        
        PID:1684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11746.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11746.exe
        9⤵
        
        PID:476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29677.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29677.exe
        10⤵
        
        PID:2520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25811.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25811.exe
        11⤵
        
        PID:2836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44485.exe
        12⤵
        
        PID:1140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53603.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53603.exe
        13⤵
        
        PID:932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8621.exe
        14⤵
        
        PID:1700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4252.exe
        15⤵
        
        PID:1712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50127.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50127.exe
        16⤵
        
        PID:1200
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-54950.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-54950.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2356
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16544.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16544.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2084
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46222.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46222.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33451.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33451.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46972.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46972.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6676.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6676.exe
        8⤵
        
        PID:980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27253.exe
        9⤵
        
        PID:1628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62909.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62909.exe
        10⤵
        
        PID:2116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43823.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43823.exe
        11⤵
        
        PID:1252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19179.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19179.exe
        12⤵
        
        PID:2092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31325.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31325.exe
        13⤵
        
        PID:956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12954.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12954.exe
        14⤵
        
        PID:2696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14480.exe
        15⤵
        
        PID:2788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15170.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15170.exe
        16⤵
        
        PID:2492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37636.exe
        17⤵
        
        PID:840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23433.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23433.exe
        18⤵
        
        PID:2980
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43250.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43250.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58892.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58892.exe
        7⤵
        
        PID:2104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17528.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17528.exe
        8⤵
        
        PID:1132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62058.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62058.exe
        9⤵
        
        PID:1688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12634.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12634.exe
        10⤵
        
        PID:1276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31104.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31104.exe
        11⤵
        
        PID:2780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39791.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39791.exe
        12⤵
        
        PID:2940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60551.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60551.exe
        13⤵
        
        PID:1616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22955.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22955.exe
        14⤵
        
        PID:1016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20267.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20267.exe
        15⤵
        
        PID:1468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55202.exe
        16⤵
        
        PID:2248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10246.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10246.exe
        17⤵
        
        PID:640
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34197.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34197.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2112
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51139.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51139.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20683.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20683.exe
        7⤵
        
        PID:1776
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1776 -s 240
        8⤵
        Program crash
        
        PID:2936
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62921.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62921.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1296
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44032.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44032.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2012
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51715.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51715.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13090.exe
        7⤵
        
        PID:1616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31477.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31477.exe
        8⤵
        
        PID:2908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50413.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50413.exe
        9⤵
        
        PID:2092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3890.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3890.exe
        10⤵
        
        PID:572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48421.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48421.exe
        11⤵
        
        PID:2840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62035.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62035.exe
        12⤵
        
        PID:2676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11563.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11563.exe
        13⤵
        
        PID:2768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9903.exe
        14⤵
        
        PID:1568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5295.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5295.exe
        15⤵
        
        PID:1156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54870.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54870.exe
        16⤵
        
        PID:1240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16847.exe
        7⤵
        
        PID:2156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3983.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3983.exe
        8⤵
        
        PID:2940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33138.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33138.exe
        9⤵
        
        PID:2240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28001.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28001.exe
        10⤵
        
        PID:2100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19789.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19789.exe
        11⤵
        
        PID:1584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53904.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53904.exe
        12⤵
        
        PID:1900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27698.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27698.exe
        13⤵
        
        PID:2972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47319.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47319.exe
        14⤵
        
        PID:928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38928.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38928.exe
        15⤵
        
        PID:1736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23625.exe
        16⤵
        
        PID:2168
- C:\Users\Admin\AppData\Local\Temp\Unicorn-16719.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-16719.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2632
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-17447.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-17447.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2512
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53108.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53108.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:584
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20841.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20841.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1452
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54063.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54063.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17232.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33236.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33236.exe
        8⤵
        
        PID:2368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65467.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65467.exe
        9⤵
        
        PID:2360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42821.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42821.exe
        10⤵
        
        PID:2888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53890.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53890.exe
        11⤵
        
        PID:1800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61259.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61259.exe
        12⤵
        
        PID:2084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55992.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55992.exe
        13⤵
        
        PID:2412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25811.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25811.exe
        14⤵
        
        PID:2360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44620.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44620.exe
        15⤵
        
        PID:2200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27698.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27698.exe
        16⤵
        
        PID:2232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38959.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38959.exe
        17⤵
        
        PID:2596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53697.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53697.exe
        18⤵
        
        PID:2512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39961.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39961.exe
        19⤵
        
        PID:2052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55052.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55052.exe
        9⤵
        
        PID:2188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56599.exe
        10⤵
        
        PID:956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13807.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13807.exe
        11⤵
        
        PID:2448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46065.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46065.exe
        12⤵
        
        PID:1608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43634.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43634.exe
        13⤵
        
        PID:2872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18606.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18606.exe
        14⤵
        
        PID:944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53686.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53686.exe
        15⤵
        
        PID:2028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55020.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55020.exe
        16⤵
        
        PID:2044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42244.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42244.exe
        17⤵
        
        PID:1524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63998.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63998.exe
        18⤵
        
        PID:2732
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43634.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43634.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49188.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49188.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6479.exe
        8⤵
        
        PID:2192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21493.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21493.exe
        9⤵
        
        PID:2980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46480.exe
        10⤵
        
        PID:2636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45380.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45380.exe
        11⤵
        
        PID:1636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22306.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22306.exe
        12⤵
        
        PID:2880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29950.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29950.exe
        13⤵
        
        PID:596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4921.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4921.exe
        14⤵
        
        PID:1252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20781.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20781.exe
        15⤵
        
        PID:2604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35503.exe
        16⤵
        
        PID:2580
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24166.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2280
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29000.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29000.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2421.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2421.exe
        7⤵
        
        PID:2132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16651.exe
        8⤵
        
        PID:1108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53423.exe
        9⤵
        
        PID:2388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18883.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18883.exe
        10⤵
        
        PID:2828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56350.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56350.exe
        11⤵
        
        PID:1928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53099.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53099.exe
        12⤵
        
        PID:2896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60619.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60619.exe
        13⤵
        
        PID:1112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26048.exe
        14⤵
        
        PID:2624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61190.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61190.exe
        15⤵
        
        PID:2724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25576.exe
        16⤵
        
        PID:1912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61745.exe
        14⤵
        
        PID:2148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56821.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56821.exe
        15⤵
        
        PID:2328
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33455.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33455.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1912
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2160
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2160 -s 240
        6⤵
        Program crash
        
        PID:2452
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59312.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59312.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2628
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41321.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31477.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31477.exe
        7⤵
        
        PID:1536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34378.exe
        8⤵
        
        PID:2732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16558.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16558.exe
        9⤵
        
        PID:2736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42313.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42313.exe
        10⤵
        
        PID:2484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29070.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29070.exe
        11⤵
        
        PID:2256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21727.exe
        12⤵
        
        PID:1660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3452.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3452.exe
        13⤵
        
        PID:2616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27542.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27542.exe
        14⤵
        
        PID:1448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25927.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25927.exe
        15⤵
        
        PID:2840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55020.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55020.exe
        16⤵
        
        PID:2324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8637.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8637.exe
        17⤵
        
        PID:2400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56821.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56821.exe
        18⤵
        
        PID:1908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6905.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6905.exe
        11⤵
        
        PID:2500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51086.exe
        12⤵
        
        PID:2248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21206.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21206.exe
        13⤵
        
        PID:1984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63764.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63764.exe
        14⤵
        
        PID:1276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46489.exe
        15⤵
        
        PID:2344
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-41602.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-41602.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:1884
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17250.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17250.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2908
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29751.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29751.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1640
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61580.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61580.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55223.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55223.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49847.exe
        8⤵
        
        PID:2236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20351.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20351.exe
        9⤵
        
        PID:2060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47014.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47014.exe
        10⤵
        
        PID:2716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32645.exe
        11⤵
        
        PID:1880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24254.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24254.exe
        12⤵
        
        PID:2060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10193.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10193.exe
        13⤵
        
        PID:2876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3587.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3587.exe
        14⤵
        
        PID:1708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21258.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21258.exe
        15⤵
        
        PID:2348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64916.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64916.exe
        16⤵
        
        PID:2128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35503.exe
        17⤵
        
        PID:2880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37636.exe
        18⤵
        
        PID:3028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18788.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18788.exe
        9⤵
        
        PID:1988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21218.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21218.exe
        10⤵
        
        PID:2912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8441.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8441.exe
        11⤵
        
        PID:2656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9583.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9583.exe
        12⤵
        
        PID:2152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22306.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22306.exe
        13⤵
        
        PID:2148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41434.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41434.exe
        14⤵
        
        PID:2356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9005.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9005.exe
        15⤵
        
        PID:1828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49177.exe
        16⤵
        
        PID:2424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1486.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1486.exe
        17⤵
        
        PID:108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46510.exe
        18⤵
        
        PID:1884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65030.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65030.exe
        16⤵
        
        PID:2612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10246.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10246.exe
        17⤵
        
        PID:2252
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24257.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24257.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47730.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47730.exe
        7⤵
        
        PID:1020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56308.exe
        8⤵
        
        PID:2524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54440.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54440.exe
        9⤵
        
        PID:2216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4824.exe
        10⤵
        
        PID:1152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58016.exe
        11⤵
        
        PID:2188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60053.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60053.exe
        12⤵
        
        PID:2216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22114.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22114.exe
        13⤵
        
        PID:2424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18549.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18549.exe
        14⤵
        
        PID:2576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10671.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10671.exe
        15⤵
        
        PID:1968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64631.exe
        16⤵
        
        PID:2164
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37630.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37630.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1156
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33236.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33236.exe
        6⤵
        
        PID:856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24928.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24928.exe
        7⤵
        
        PID:2764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60958.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60958.exe
        8⤵
        
        PID:2644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13615.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13615.exe
        9⤵
        
        PID:1984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39407.exe
        10⤵
        
        PID:2552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23240.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23240.exe
        11⤵
        
        PID:1996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44252.exe
        12⤵
        
        PID:1768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21357.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21357.exe
        13⤵
        
        PID:1436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46489.exe
        14⤵
        
        PID:676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22774.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22774.exe
        15⤵
        
        PID:1768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5618.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5618.exe
        8⤵
        
        PID:2416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32168.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32168.exe
        9⤵
        
        PID:2400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54163.exe
        10⤵
        
        PID:2460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7858.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7858.exe
        11⤵
        
        PID:1512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51595.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51595.exe
        12⤵
        
        PID:904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11730.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11730.exe
        13⤵
        
        PID:3012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11865.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11865.exe
        14⤵
        
        PID:1088
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46834.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46834.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2972
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61388.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61388.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2400
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44123.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44123.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37979.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37979.exe
        7⤵
        
        PID:1344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16184.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16184.exe
        8⤵
        
        PID:1152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34378.exe
        9⤵
        
        PID:1180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44155.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44155.exe
        10⤵
        
        PID:2796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21675.exe
        11⤵
        
        PID:2584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6856.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6856.exe
        12⤵
        
        PID:1308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47552.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47552.exe
        13⤵
        
        PID:2476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32637.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32637.exe
        14⤵
        
        PID:2496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36219.exe
        15⤵
        
        PID:1664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54688.exe
        16⤵
        
        PID:612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13562.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13562.exe
        17⤵
        
        PID:1948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22955.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22955.exe
        8⤵
        
        PID:2088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57066.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57066.exe
        9⤵
        
        PID:2356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57357.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57357.exe
        10⤵
        
        PID:2888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32233.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32233.exe
        11⤵
        
        PID:2516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46011.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46011.exe
        12⤵
        
        PID:2612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32083.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32083.exe
        13⤵
        
        PID:1960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8611.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8611.exe
        14⤵
        
        PID:324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14091.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14091.exe
        15⤵
        
        PID:2896
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55861.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1880
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22541.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22541.exe
        6⤵
        
        PID:976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34845.exe
        7⤵
        
        PID:2108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64108.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64108.exe
        8⤵
        
        PID:2600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13615.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13615.exe
        9⤵
        
        PID:2436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25811.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25811.exe
        10⤵
        
        PID:2852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41444.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41444.exe
        11⤵
        
        PID:2336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36992.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36992.exe
        12⤵
        
        PID:1128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22265.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22265.exe
        13⤵
        
        PID:872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18399.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18399.exe
        14⤵
        
        PID:572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10246.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10246.exe
        15⤵
        
        PID:2892

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-10671.exe

Filesize
184KB

MD5
34ac4dce634b677a2f513cbecd0529a0

SHA1
fef2c2f0d951f03dfb541d35b0685c19e34db1b8

SHA256
9d15cdc9beb80b3c186a47d01d81377ea3a46e02bd9bb19c1ae248bedf77b320

SHA512
c0536fbf081f5282fc81d574bb1d5f696bc9a9497d6712595dacdeb1be0812d8d8256c664b0ad82b9b0009e57127c81dc6d0569c42949ad164c04101ee0faa5f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-13753.exe

Filesize
184KB

MD5
086beadb2c80ad0b03482323937862b3

SHA1
808dd1a1bd44e15ba962b85d7328e8712d27718b

SHA256
1176e8c20f0fbcfcb2d70e714a224b25192ca3c2330f81a64fe83651da65b2d4

SHA512
25fc7f05893a351757bbb82e3a477fa07c7c5ef3905b79f6a1e4f874034a6abd78f41544aca0192ee75a96236b186e5ca845af24e479beed03aaffdef5eb61fd

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-17250.exe

Filesize
184KB

MD5
ec417b33822360ed39f1c198d0d6819e

SHA1
ec027b9304c562b2a16d8c086ee590686d2ec153

SHA256
cf4488911263a78772b5cfa0802460523dcf5854b25463ac5bb43fdbcfd32034

SHA512
eb7d0549fc8c366343f98ed3a8dc071c3ddb88fc2933b13768eb78fc37747af1aba9a597c4f029515e6b957aa00b6db2e7e01d7a8476d19060eea0e1e32d99d2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-17447.exe

Filesize
184KB

MD5
50c2e801aa313e747b39f26704da133c

SHA1
48e49c2bfd5c586132739534eab768201a32b8cf

SHA256
f031e0644a985a841ac05b61d2282d3874ee10707107f14f537d91aaea189eb3

SHA512
0502221b8244820812b1ae55e96f0006e7c7da7e84102be8d92ede5adb0f7d2b264dae99c429e6af068eda8218dbb0dea3a04144cf2a439288de7fb0e940d889

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-20267.exe

Filesize
184KB

MD5
d4e9292f315ad517eb195e2a9c3e6f73

SHA1
3c37e0d25a3eb38c27ae0214fc1fe95765380f7d

SHA256
5a8fcb03edc0baed24aacfab70f14ef74f6695a726d908c09cce3c286650391c

SHA512
46ce0817650d472ddf983d0a01910f469a50f9ac4f8e4d29fe10f5ca3c0c579f2b2fd4276581c2cad04db9b902c37f3ce69463a804f367db25cd4110fc7c7234

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-46777.exe

Filesize
184KB

MD5
f077f5e4c2d6de56ba9e2bb3aca79478

SHA1
22e1965ff688051e8f7e53cb16199e19156dfe7f

SHA256
3ee7e4742ce61937f23147db79227c8774219e2047d7f6a222a878f989a0cece

SHA512
a94e895fb3d353c161ee6f41245866d222a1c522b057e93ae5050b3ee0ba3b5c5143905283b4100343080d607032351ceb4ef202709999cf612b46307b160858

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5706.exe

Filesize
184KB

MD5
a89ea7d22b81bceb90346020f9813a83

SHA1
f5a9909d7b07c3847560ec590b76f51b56db5d25

SHA256
23fca1de4afc6af8c44656ab7db8b703c95f79c64a22921466f8c86e5c0b0501

SHA512
170bf50e67280a68d2e5e2901e8872d7c90707539c9e0cb1ed4e73ca52405e17a6f3c0d8c1aec433f7a065004adb7140f247be490c9c8b44809fd63be2487866

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6053.exe

Filesize
184KB

MD5
9edc98a8c2db2696addd4720a42b71ab

SHA1
32b5507310256224875cc2b8d0567142efb8fc6e

SHA256
9869892ce5b47a899d10d58d46ee3e92159207c6be167e99310eb590a114106d

SHA512
e74bdf7bba065c4e5039901bdeba4e65115588fa1169a87d01da09f38eb1f6264e863ce375b774e6a29042f8ed1bf443bd2269992be764bdae53387773d2047d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6479.exe

Filesize
184KB

MD5
870f839900c6ae6abcdf1e4fe027009d

SHA1
21be9b7d4171bbc1eb73968d5bc350fc236e609e

SHA256
cca339c6776f0a0267938cfd66b4c0c60a0429c250affc2cf164a78b3a818811

SHA512
46d4e10b9688d31e4b0c803649527fe32076cc98fe244975710678089842cc10c3592b5f057c2ad5005f7fa83e1f524e4373cbf2a2e41170f44060dbab78730d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-9903.exe

Filesize
184KB

MD5
79215e706ec9b5bcd3bb7ce2b484382a

SHA1
557397de90fee7d90013bebcbfe7e0b87a5d7e50

SHA256
5e25b44bc9006e52330c4fabe707a4c7977fb15068c8414c04617f2f0eda571d

SHA512
bf7b8e94e1dbafe8b68dc74550a8e08bf0fcca262383e59f076869c54bd7f9f24e7d708afc53e18d0500e991b4a72235977113d3e6b9be3df3d083242786b5fe

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-16544.exe

Filesize
184KB

MD5
9127ee5372c36b6250a769a07367862b

SHA1
93b38007107721cc9c152a1a300218aa5db32923

SHA256
271f4be0d9f9e8bbe454ccb37179472fd14cd029a0f3338fa9c7bd82b8f71857

SHA512
993548d8645a491742d0c1e07d8a6a39b4e9c2fb6d5d89b9fe075e2946694dadc3b65b370023defb7c3fd87ef87d87fbffd2c85abb56674345f0d16ecacc8899

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-16719.exe

Filesize
184KB

MD5
610e6ec5a066a32fa967f6af682045d7

SHA1
bf86522bee83f6d1da1542742c963d24535a9c68

SHA256
40ebe635902208c83ffde08c10c07accbcdd247d0ff2df319bf80844a76077f4

SHA512
4d03d97d8da8fb9cbace59d5305c23d66b3c94b24b6d89f31a75be644b5f81f6fb694f020156e39ee8edcaf53725ae4c2e1f314c879e8ba930ffd005f7329680

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-20841.exe

Filesize
184KB

MD5
61bd7e205f1f89c418375a9396764ec1

SHA1
a75711352a0340c2c68c34133dca1a7b38657122

SHA256
657c01991e0c691b24e9f6e60fb10c9def992cf7ba6fec012e4769948f317a9d

SHA512
100310add0029de309f140ade5b154dcc070d166d89b398e490b3386c0d5d82fff76ba8e37880e72a05b85b22fbe4a1b98d7e4e39475932d19243fd3a47f2465

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-25266.exe

Filesize
184KB

MD5
516d2aa415e7356590ae336eaefe02a5

SHA1
f7be16b22dc590dc214b32009cab550d74966f95

SHA256
fd26aad489371589aecd4c5618377274444444c8d2f7c6d67983f5c65745a0ee

SHA512
f5abd8c00030c1f88700f1c88d91c3f0b06705b7ca0ef3dabb9c10712f6495b5688024ea8b91ad9b299decd0b89046259b31e8991fe14bd5f588e4bcacb349c8

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-25615.exe

Filesize
184KB

MD5
b6f6fa83726ad20da9365d36ca11f0d6

SHA1
6a729feeffce5bc14e8e352e346f467875323817

SHA256
08c4d8658d9ded01e38cfca907406d4ed0005eda109e1be46dbd131a3232ecec

SHA512
4117a318070d3b42b40fcc1d5deb1787568f3f6898336b51286c7a2e64f62596ddd2f2bdd62d96c5cb71ae3b90bca703fa80fb61525ebae406c49f886aa8309d

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-33404.exe

Filesize
184KB

MD5
c80c11d61a1b8329d2ee2ecc3fc0f4ce

SHA1
8b076861452a9ba551cf459f9eeebeefb375675e

SHA256
85f1f06a6978b90b896d0fdf1be60dbf08f7c6fa7cfc94a3a8decf66c5719069

SHA512
e8c59f6b8a61092fdbaf5bcf34170da1ec6e71a5efdc3d00a1871dcdb0649300c492d6b4e68dacc5b67a8c6c033b37d8ad14f71c4d2b7586de85f09e89d68ddc

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-33455.exe

Filesize
184KB

MD5
8126d8128a23885b8e63e85ba377c8f3

SHA1
4c0eb908886faaf8aea73aae3bcbfd34ae1b0896

SHA256
b21ddcd6f39292b93c7f961617ac8e1c915dc4a67402279c325bd3dc35ed402a

SHA512
52005b0d2a5c077781096e2ceea85e84488548595b0b5167e864e5257514e191294d311faac0109c5529dcfa29c9ce731c84676ce4592c2f1229f77a749887e9

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-41602.exe

Filesize
184KB

MD5
78131c20c5ab9b77a405174153850fc5

SHA1
4272f1cddd3f288df6a84374daf6fc062649af79

SHA256
06a1780a113b982d2c34ce7b3123bae7459d6d87dd55a3c63c0a9977d2619249

SHA512
33ba15e57af0a6560651c14a9e2fdba9e84f3b20652ad1f3b2249c3c98c24b4e7f624066c18c94fc17b8d465697bee80210c0405b3cb183d9f984e6eee59170d

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-46222.exe

Filesize
184KB

MD5
29fa9f04c55193ad17c91a689bf81c62

SHA1
bdacbcbeb7a3142f769e6b84f775ba8736e71b8e

SHA256
2e08c1b3b246594e4764d72f1753efebb4f61ddc64aed50c74e7fefdb8c6840f

SHA512
91af8721778faa3d227d31d2c0d57079c11046fdf801383e715a00eb587cb0452d65217c73ebed66f765df8fc5e16ee8ddd5f71214b9938f5da4afe170c88b4c

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-52921.exe

Filesize
184KB

MD5
a10dfb93b6749d91780822f362d07ccc

SHA1
e14b7829eb1753f4a38d70f630e6c4a9ba62f2dc

SHA256
24dfa12d28c6586eff35403002f70ce11a1ae34960eb5afd3e5be17b330bf6e8

SHA512
38fa43b8f4845c2b40ef2aee1ee37a1c6939020a9058c781dd17d83186e7075483089964f54a49d1968b2c397ab7eb7c0e3cedf0059f7c4b24c325642521e1e3

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-53108.exe

Filesize
184KB

MD5
d63deb5c5095c7b9a3af239fd8e4258e

SHA1
bf1db73524e0000a70351eddfc3c58d0f709624c

SHA256
e2de8ed441632b593ae7364410b15a17e500713f13b0d4d24d26c83790c5b1d8

SHA512
0c993527539b507dea452fb8a83d4ff886994b50f14ed5ba625ed8df3ad53980e385c1d454239318d73ee9913735de5282eaa5e614363ba0daf9f46f277c72b0

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-53321.exe

Filesize
184KB

MD5
b2e9e547735ca245a63d6cff460f76da

SHA1
b81d6684a545611242b8c3ae9d77381050b82ceb

SHA256
5a1c33962b859767d6ca38c8afeb6f7a66f24d79fd78f5bf45a38327e34faa9f

SHA512
0c679c15295810fa871ae4bbe5d36fd07a17e3d398e11559bf31f3ae092d0300c07f81ad7f838d5564b3efce586dc39631abc970eb6f116a07a89cdf6db698bc

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-54950.exe

Filesize
184KB

MD5
a56d5f33805cc807d6e2407ba38148e0

SHA1
f812d79ecc3268f1a850653e228acaf90970c5da

SHA256
208860b5eb871438545404b6a7835e65f57454f7f90d6011749ee97639726638

SHA512
701b4980d6cdbbc6134397a93981f28298ef8df762ac0f7f9499e30551e12c1168d7273a39034b45b719fd0405f01149e2d1200abd7e16fddb4ada84f1cd2d83

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-60529.exe

Filesize
184KB

MD5
9b09559060753b45dd087613c2cbdebe

SHA1
d41c6ed3c7fb6db1e254b95e3f70fcbd5abddf79

SHA256
b8727d855729f2e2c0ffd44416115beb74bce8a29f6cf90aee8cd3989fb76dce

SHA512
d986749ef89ba1a692ef9d4fbe3e54e6e5fce16f6cd4cf7d7a823d41bcfcd992109687f596906ddb555b180fe9a1c088a16c6074cf40d93eadf2a22c7ae897bc

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-61852.exe

Filesize
184KB

MD5
dc7c81eab970a2a96b2d0bd724143cde

SHA1
07cb6c091d889cdc1781a4164a2fb776e2a12ccc

SHA256
dffe490f70d4e4e636a525d04afd1d977371f1e0f6759c7db7f3f373f27f0e3b

SHA512
6ebee03f57586637adee1f1440e04d1b4fcf2d390ffb727f633b8fac11e0674dbef1a0e263bf3079187bb6f8d00fb5c9479b8068f3f89ad10a6e34daa8217c86

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads